top of page

S3.12

S3 access control lists (ACLs) should not be used to manage user access to buckets

Severity

Cloud Platforms

Resources

Related Standards

Automated

MEDIUM

AWS

Amazon S3

AWS Foundational Best Practice, NIST CSF, NIST.800-53.r5,

This control checks if S3 buckets allow user permissions via access control lists (ACLs). This control fails if ACLs are configured for user access on S3 Bucket.

bottom of page